cal.pub0.org/lib/helpers/verifyApiKey.ts

import { NextMiddleware } from "next-api-middleware";

import { hashAPIKey } from "@calcom/ee/lib/api/apiKeys";
import prisma from "@calcom/prisma";

// Used to check if the API key is not expired, could be extracted if reused. but not for now.
export const dateInPast = function (firstDate: Date, secondDate: Date) {
  if (firstDate.setHours(0, 0, 0, 0) <= secondDate.setHours(0, 0, 0, 0)) {
    return true;
  }
};
const today = new Date();

// This verifies the API key and sets the user if it is valid.
export const verifyApiKey: NextMiddleware = async (req, res, next) => {
  if (!req.query.apiKey) res.status(401).json({ message: "No API key provided" });

  const strippedApiKey = `${req.query.apiKey}`.replace(process.env.API_KEY_PREFIX || "pt_secret_", "");
  const hashedKey = hashAPIKey(strippedApiKey);

  await prisma.apiKey
    .findUnique({ where: { hashedKey } })
    .then(async (apiKey) => {
      if (!apiKey) {
        res.status(401).json({ error: "You did not provide an api key" });
        throw new Error("No api key found");
      }
      if (apiKey.userId) res.setHeader("X-Calcom-User-ID", apiKey.userId);
      if (apiKey.expiresAt && apiKey.userId && dateInPast(today, apiKey.expiresAt)) await next();
    })
    .catch((error) => {
      res.status(401).json({ error: "Your api key is not valid" });
    });
};
feat: successfully protected all endpoints with next-api-middleware for verifyApiKey 2022-03-29 00:25:24 +00:00			`import { NextMiddleware } from "next-api-middleware";`
prettier 2022-03-30 12:17:55 +00:00
make verifyApiKey check for hashed, need @calcom/ee in transpile modules next.config 2022-04-07 23:59:04 +00:00			`import { hashAPIKey } from "@calcom/ee/lib/api/apiKeys";`
feat: successfully protected all endpoints with next-api-middleware for verifyApiKey 2022-03-29 00:25:24 +00:00			`import prisma from "@calcom/prisma";`
Adds basic CRUD endpoints for bookingReferences, Crendentials, DailyEventReferences, DestinationCalendars, EventTypeCustomInputs, Memberships, Schedules, and SelectedCalendars 2022-03-28 22:27:14 +00:00
some fixes on helpers/middlewares 2022-04-08 16:08:26 +00:00			`// Used to check if the API key is not expired, could be extracted if reused. but not for now.`
			`export const dateInPast = function (firstDate: Date, secondDate: Date) {`
prettier 2022-03-30 12:17:55 +00:00			`if (firstDate.setHours(0, 0, 0, 0) <= secondDate.setHours(0, 0, 0, 0)) {`
			`return true;`
			`}`
			`};`
feat: successfully protected all endpoints with next-api-middleware for verifyApiKey 2022-03-29 00:25:24 +00:00			`const today = new Date();`
Adds basic CRUD endpoints for bookingReferences, Crendentials, DailyEventReferences, DestinationCalendars, EventTypeCustomInputs, Memberships, Schedules, and SelectedCalendars 2022-03-28 22:27:14 +00:00
some fixes on helpers/middlewares 2022-04-08 16:08:26 +00:00			`// This verifies the API key and sets the user if it is valid.`
feat: successfully protected all endpoints with next-api-middleware for verifyApiKey 2022-03-29 00:25:24 +00:00			`export const verifyApiKey: NextMiddleware = async (req, res, next) => {`
feat: users, teams, selectedCalendars w new code/docs 2022-03-30 14:56:24 +00:00			`if (!req.query.apiKey) res.status(401).json({ message: "No API key provided" });`
some fixes on helpers/middlewares 2022-04-08 16:08:26 +00:00
feat: credentials, teams 2022-04-13 00:12:16 +00:00			const strippedApiKey = `${req.query.apiKey}`.replace(process.env.API_KEY_PREFIX \|\| "pt_secret_", "");
make verifyApiKey check for hashed, need @calcom/ee in transpile modules next.config 2022-04-07 23:59:04 +00:00			`const hashedKey = hashAPIKey(strippedApiKey);`
some fixes on helpers/middlewares 2022-04-08 16:08:26 +00:00
			`await prisma.apiKey`
			`.findUnique({ where: { hashedKey } })`
			`.then(async (apiKey) => {`
			`if (!apiKey) {`
			`res.status(401).json({ error: "You did not provide an api key" });`
			`throw new Error("No api key found");`
			`}`
feat: credentials, teams 2022-04-13 00:12:16 +00:00			`if (apiKey.userId) res.setHeader("X-Calcom-User-ID", apiKey.userId);`
some fixes on helpers/middlewares 2022-04-08 16:08:26 +00:00			`if (apiKey.expiresAt && apiKey.userId && dateInPast(today, apiKey.expiresAt)) await next();`
			`})`
			`.catch((error) => {`
			`res.status(401).json({ error: "Your api key is not valid" });`
			`});`
feat: successfully protected all endpoints with next-api-middleware for verifyApiKey 2022-03-29 00:25:24 +00:00			`};`